Hello    :welcome:

You indicate that Malwarebytes for Windows reports no malware present.   What is the antivirus application on this PC ?

Have you done a scan with Antivirus?

 

Do not use Task Manager percentage display  as any "gauge"   for the first minute or so.  It is a known fact of life that it needs a minute to settle in with what it displays.

Rather, use known security tools to help you determine whether or not in fact there may be an infection.

Link to post
Share on other sites

P.S.      

Regarding Task Manager, you need to totally not pay attention to the percentage  for like at least one minute.   The very initial display is NOT the real deal.  You need to let the app settle down.

The CPU usage can fluctuate depending on all sorts of conditions.  It  ( high cpu usage  at some moment in time) does not mean that there is some kind of "infection".

 

You should review this topic. It takes a while for Task Manager to compute tasks & then refresh the display.

https://forums.malwarebytes.com/topic/252362-cpu-usage-always-at-70-until-task-manager-is-open/

 

 

Link to post
Share on other sites

I have Kaspersky Total Security. It is also unable to detect any malware.

I am quite sure it is malware because there are other issues like the laptop crashing and random glitches on the screen (the taskbar, to be specific).

 

And also, last month the antivirus had detected this:- Trojan.Multi.BroSubsc.gen

As soon as it was detected, the scan got cancelled itself and never detected it again.

Attaching text file

report.txt

Link to post
Share on other sites

Hi,  Please know that system Windows 'crashing'  can be due to a number of different factors.

It is good to know that Kaspersky reports no malware.   When was the last run with Kaspersky ?

Is that report one from Kaspersky? Run on 3rd September?

Please let me know that as part of your next reply.

.

The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system. 
The download links & the how-to-run-the tool are at this link at Microsoft 
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download
  
Let me know the result of this.
The log is named MSERT.log  
the log will be at  C:\Windows\debug\msert.log
Please attach that log with your reply.
 

Link to post
Share on other sites

Yes, that report is from 3rd September.

Last scan using Kaspersky was yesterday.

The problem is that during the scan when the malware was detected, that scan was itself cancelled. Can be seen in the file attached earlier.

No disinfection process was undertaken and it was never detected in any future scans. So I believe that it might still be there.

 

I used the Microsoft Safety Scanner.

Attached two files, first one is of a quick scan.

The other (msert_full_scan) is of a full scan (renamed file to avoid confusion)

 

msert.log msert_full_scan.log

Link to post
Share on other sites

Thank you for the reports.  The result of the scan by Malwarebytes for Windows is encouraging.

Let's do a different scan with a different tool.

I would suggest a free scan with the ESET Online Scanner
Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.

When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes

When prompted for scan type, Click on Full scan

Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.

Have patience.  The entire process may take an hour or more. There is an initial update download.
There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.

Click the blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).
Press Continue when all done.  You should click to turn off the offer for “periodic scanning”.
 
 

Link to post
Share on other sites

Did the scan with ESET software. Attaching log file

Also, during normal web surfing there was a pop-up from Malwarebytes and it blocked one website from opening. Attaching that log too.

Is it possible that a website in the top 3 search results on Google can be harmful (trojan/malware)?

 

Thanks

eset_scan_log.txt pop-up_log.txt

Link to post
Share on other sites

Thanks.   The result from ESET onlinescanner is awesome

Quote

30-09-2020 22:25:29 PM
Files scanned: 606887
Detected files: 0
Cleaned files: 0
Total scan time: 02:50:08
Scan status: Finished

 

As to the block notice event, know that the web protection is keeping the pc safe & away  from potential harm.

The block is on    IP Address: 176.114.9.149             Domain: adservd.com

.

As one step,  a thorough scan for adwares can be done using Malwarebytes'  Adwcleaner

Please close   all  open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.
Adwcleaner  detects factory Preinstalled applications too! 

Please download  Malwarebytes AdwCleaner https://downloads.malwarebytes.com/file/adwcleaner


 
Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.
At the prompt for license agreement, review and then click on I agree.

You will then see a main screen for Adwcleaner. (If you do not see it right away, minimize the other open windows, so you can see Adwcleaner.)
Then click on Dashboard button.
Click the blue button "Scan Now".

Allow it a few minutes to finish the Scan.   Let it remove what it finds.
NOTE:  When it comes to the section "Pre-installed applications", you can skip that.
Please find and send the Adwcleaner "C" clean report.
In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".
Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs
Thanks.  Keep me advised.
 

Link to post
Share on other sites

The browser screenshot above showed a time out error.  Those can be temporary.

The Adwcleaner report found no adware / nothing malicious.   It only flagged some HP manufacturer pre-installed applets, like HP SupportAssist.   Leave those be.

Close Adwcleaner if it is open.   We can put that aside.

.

Let's get & run a different tool to check for viruses

TrendMicro HouseCall scan
https://www.trendmicro.com/en_us/forHome/products/housecall.html


First, Download & Save to your Downloads folder the appropriate HouseCallLauncher

Once the download is complete, go to where the Housecalllauncher is saved & double-click it to start it.
The program will check with TrendMicro & do an update run.

Next it will show the Disclosure window.
Click Next to proceed.

The end user license agreement is presented.   Click the Accept radio button & click Next to proceed.

IF you wish a Full scan or a Custom scan, first click on the Settings
then you can select which drives you want to include in the scan.
The default is a Quick scan.
Click Scan now when ready.

The scan progress will then be displayed.   Monitor the progress or just leave it alone until it finishes this phase.

When the scan phase has completed, if any items are tagged, you will see a list, showing  the file & its location, the classification of the threat, the type, risk, and Action option.
If you see an item that you know is safe, you can click the Action  , and select Ignore.
When all done & ready, click the Fix now button.

Link to post
Share on other sites

There is a better app from Microsoft that will function as a much better replacement for the standard Task Manager that comes packaged with Windows.

It is called Process Explorer.   Be real sure that you save the file-download to some unique folder of your own naming.   That is to say, save the file first to a permanent folder.

 MS Process Explorer.

https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

 

Once it is saved, with the download completed, close the browser window.

Go to where you saved the download.  The file is named Processexplorer.zip

Extract all content of that zip file 

Double click the file procexp.exe  to start Process Explorer.

Look at the menu bar of the program.   Select Options.    then click on Replace Task Manager

.

Process Explorer is far superior to the standard Task Manager.

Link to post
Share on other sites

So, as none of the tools detected any threats, I'm probably not infected?

But I'm facing a lot of issues. Like random blue screens. Attached a photo of the latest one which happened approx 15 days back and there was a screeching noise coming out. I have a video too, if you want to have a look.

This is only of the latest one, I have encountered at least 5 blue screens in the past 50 days.

What can be done to resolve this?

look_at_this.jpg

Link to post
Share on other sites

Windows blue screen crashes ( a.k.a. BSOD ) or as I like to term them, Windows Stop code crashes, can be for a variety of reasons.  Some may be related to hardware. Some to glitches in the Windows operating system.  Some may be due to conflicts with hardware drivers or software drivers.   Some to program conflicts.

If we look at the top Stop code crash, it shows the STOP code due to "IRQL NOT Less or equal".  Those are typically due to a bad driver, or faulty or incompatible hardware or software.

The question is,  when was this event  and does the same one re-appear each day, every other day, or just some times ?

You should have a paper pad and pencil handy by your computer, so that the next time there is a STOP crash, that you write down the date and also jot down just which program was the main one in use at that moment.

You mentioned that the top one had happened 15 days ago.   So the PC  ( it looks like ) has not had a crash in some 2 weeks.

For the last screen, I cannot make out what the Stop crash was about.

.

I do need to point out that this forum section is for malware removal help.  If I conclude that there is no malware,  and if then there are still the same issue as when you started the case, then I will likely refer you elsewhere.

.

We have done scans with Malwarebytes for Windows, Malwarebytes Adwcleaner, MS Safety Scanner, ESET online scan.  Plus Trend Micro HouseCall.

I tend to believe that there is not an onboard infection.

.

As far as the FRST report,  I notice a few things.  There is one that says

Quote

Error: (09/30/2020 07:48:00 AM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.IO.IOException: The process cannot access the file 'C:\Windows\Temp\signtool.exe' because it is being used by another process.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

And there is an apparent failure related to Microsoft Windows Update,   And there is one update fail event for Malwarebytes for Windows.

.

I am going to start with some advice here, starting with the request (while this case is on going) to keep keenly aware of which program applications you are using at the moment of a crash, if there is another one.

At this time,  I would like for you to ensure that only just the minimum of applications are auto-loaded at the Windows startup.

 I suggest to put this Windows into a "clean boot startup"  meaning to suppress all auto-start apps that are not Microsoft, not Windows, not Malwarebytes. 

Kaspersky Total Security  you can leave as is.   Anything for networking can also be left as is.

How to perform a clean boot in Windows
https://support.microsoft.com/en-us/help/929135/how-to-perform-a-clean-boot-in-windows

Study closely that article.  Keep a pen & paper handy & document the apps that you un-tick from auto-starting

Like I say, document your changes.   For your benefit / for later.   Please confirm you have done this procedure at your next Reply.

Much later on you can turn on a handful of programs ( at a time) so that you can test to see if one of them is the source of STOP crash abort.

.

[     2      ]

There is one setting in Malwarebytes that needs to be off.   
Start Malwarebytes. Click Settings ( gear ) icon. Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center
Click the Security Tab. Scroll down to 
"Windows Security Center"
Look at the line "Always register Malwarebytes in the Windows Security Center".   Make sure it is set to Off.

{  OFF position is all the way to the left. }

 

Now, click the tab marked GENERAL.   Look for the button marked "Check for Updates" and click it.  Be sure to follow all prompts.  Let's be sure it is up-to-date.
Close Malwarebytes when done.
 

[     3     ]

Download   Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/


and Save to your Desktop.
Right-Click on fss.exe and select Run As Administrator.
 
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other services

 


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Attach the report  file      FSS.txt into your reply. 

 

[      4      ]

Please download MiniToolBox save it to your desktop and run it. 

Reply YES when prompted by Windows to Allow the program to run.
Reply YES when prompted by the tool to proceed.

Checkmark the following check-boxes:
 

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Minidump Files

Click Go and post the result ( MTB.txt ). A copy of Result.txt will be saved in the same directory the tool is run. 
Note: When using Reset FF Proxy Settings option Firefox should be closed. 

[     5      ]

SecurityCheck by glax24    

I would like you to run a tool named SecurityCheck to inquire on the current-security-update  status  of some applications.
Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
and save the tool on the desktop.

If Windows SmartScreen blocks that with a message-window, then
click on the MORE INFO spot and over-ride that and allow it to proceed.
This tool is safe.   SmartScreen is overly sensitive.
Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt
 

We will do more later.   Have faith & patience.

Sincerely.

Link to post
Share on other sites

Hi.   Thanks for the reports.

At least, "program" is disabled.   for the time being, we can leave that be.

The SecurityCheck tool does point out some Update issues that you should address.   The first and most important is about Kaspersky

Kaspersky Total Security v.20.0.14.1085 Warning! Download Update

Take the time ASAP to do an Update check run using the Kaspersky Total Security.

.

also

Zoom v.5.2.3 (45120.0906) Warning! Download Update

.

Let me know when that has been done.

.

By the way, the Windows event logs show issues related to Kaspersky program

Date: 2020-09-30 08:04:49.781
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

.

The following custom script is to run the Windows System File Checker tool, the Windows DISM tool to check the system, help out with Microsoft Windows Update,  and to rebuild the Winsock.

Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

 

The system will be rebooted after the script has run.

.

This custom script is for  Chezzyfries  only / for this machine only.

 
Close and save any open work files before starting this procedure.    If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.

I am sending a    custom Fix script which is going to be used by the FRST64  tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE  link AS and save it directly ( as is) to the  Downloads  folder

The tool named FRST64 .exe   tool    is already on the Downloads
Start the Windows Explorer and then, to the Downloads folder.


RIGHT click on  FRST64    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click the line More info on that screen
and click button Run anyway on next screen.

on the FRST window:
Click the Fix button just once, and wait.

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   


Please know this will do a Windows Restart.   Just let it do its thing.  

Fixlist.txt

Link to post
Share on other sites
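The Code Integrity event quoted in the post above names both the loading process and the DLL that failed the signing-level check. As an added example (not part of the thread or of any tool it mentions), this PowerShell sketch parses that event text, maps the device path to a drive letter and reports the DLL's Authenticode status; the `$volumeMap` entry and the function names are assumptions made for illustration.

```powershell
# Added example: resolve and check the DLL named in a Code Integrity event.
# The sample record is constructed from the event text quoted in the thread.
$sampleEvents = @(
    [pscustomobject]@{
        TimeCreated = [datetime]'2020-09-30T08:04:49'
        Message     = 'Code Integrity determined that a process ' +
            '(\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load ' +
            '\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\' +
            'Kaspersky Total Security 20.0\x64\antimalware_provider.dll ' +
            'that did not meet the Windows signing level requirements.'
    }
)

# Assumption: HarddiskVolume3 is the C: volume on this machine; adjust as needed.
$volumeMap = @{ '\Device\HarddiskVolume3' = 'C:' }

$pattern = 'a process \((?<proc>.+?)\) attempted to load (?<module>.+?) ' +
           'that did not meet the (?<level>.+?) signing level requirements'

function ConvertTo-DrivePath {
    param([string]$DevicePath, [hashtable]$Map)
    foreach ($volume in $Map.Keys) {
        # Trailing backslash stops HarddiskVolume3 from matching HarddiskVolume30.
        if ($DevicePath.StartsWith($volume + '\', [StringComparison]::OrdinalIgnoreCase)) {
            return $Map[$volume] + $DevicePath.Substring($volume.Length)
        }
    }
    return $null   # unknown volume: leave unresolved rather than guess
}

function Get-SigningLevelFailure {
    param([Parameter(ValueFromPipeline)]$Record, [hashtable]$Map)
    process {
        if ($Record.Message -notmatch $pattern) { return }   # not this kind of event
        $proc, $module, $level = $Matches.proc, $Matches.module, $Matches.level
        $path = ConvertTo-DrivePath -DevicePath $module -Map $Map
        $sig = if ($path -and (Test-Path -LiteralPath $path)) {
            Get-AuthenticodeSignature -LiteralPath $path
        }
        [pscustomobject]@{
            Time            = $Record.TimeCreated
            Process         = Split-Path -Leaf $proc
            Module          = if ($path) { $path } else { $module }
            RequiredLevel   = $level
            SignatureStatus = if ($sig) { $sig.Status } else { 'FileNotFound' }
            Signer          = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        }
    }
}

$sampleEvents | Get-SigningLevelFailure -Map $volumeMap | Format-List

# On a live system (elevated prompt), feed real records instead of the sample:
# Get-WinEvent -LogName 'Microsoft-Windows-CodeIntegrity/Operational' |
#     Get-SigningLevelFailure -Map $volumeMap
```

A `Valid` status with the expected vendor as signer indicates a correctly signed DLL that does not meet the stricter signing level the host process requires; `NotSigned`, `HashMismatch` or an unexpected signer is what warrants closer inspection.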

This topic is now closed to further replies.